[PM-11199] added permission labels to ciphers in AC (#11210)

* added permission labels to ciphers in AC
2025-01-02 18:17:46 +01:00 · 2024-10-22 10:07:22 -04:00 · 2024-10-22 10:07:22 -04:00 · 023abe2969
commit 023abe2969
parent 4a30782939
3 changed files with 57 additions and 2 deletions
--- a/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html
+++ b/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html
@ -69,7 +69,11 @@
  ></app-collection-badge>
 </td>
 <td bitCell [ngClass]="RowHeightClass" *ngIf="showGroups"></td>
-<td bitCell [ngClass]="RowHeightClass" *ngIf="viewingOrgVault"></td>
+<td bitCell [ngClass]="RowHeightClass" *ngIf="viewingOrgVault">
+  <p class="tw-mb-0 tw-text-muted">
+    {{ permissionText }}
+  </p>
+</td>
 <td bitCell [ngClass]="RowHeightClass" class="tw-text-right">
  <button
    [disabled]="disabled || disableMenu"
--- a/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.ts
@ -5,9 +5,14 @@ import { CollectionView } from "@bitwarden/admin-console/common";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";

+import {
+  convertToPermission,
+  getPermissionList,
+} from "./../../../admin-console/organizations/shared/components/access-selector/access-selector.models";
 import { VaultItemEvent } from "./vault-item-event";
 import { RowHeightClass } from "./vault-items.component";

@ -43,9 +48,20 @@ export class VaultCipherRowComponent implements OnInit {
  @Output() checkedToggled = new EventEmitter<void>();

  protected CipherType = CipherType;
+  private permissionList = getPermissionList();
+  private permissionPriority = [
+    "canManage",
+    "canEdit",
+    "canEditExceptPass",
+    "canView",
+    "canViewExceptPass",
+  ];
  protected organization?: Organization;

-  constructor(private configService: ConfigService) {}
+  constructor(
+    private configService: ConfigService,
+    private i18nService: I18nService,
+  ) {}

  /**
   * Lifecycle hook for component initialization.
@ -91,6 +107,40 @@ export class VaultCipherRowComponent implements OnInit {
    return this.cipher.type === this.CipherType.Login && !this.cipher.isDeleted;
  }

+  protected get permissionText() {
+    if (!this.cipher.organizationId || this.cipher.collectionIds.length === 0) {
+      return this.i18nService.t("canManage");
+    }
+
+    const filteredCollections = this.collections.filter((collection) => {
+      if (collection.assigned) {
+        return this.cipher.collectionIds.find((id) => {
+          if (collection.id === id) {
+            return collection;
+          }
+        });
+      }
+    });
+
+    if (filteredCollections?.length === 1) {
+      return this.i18nService.t(
+        this.permissionList.find((p) => p.perm === convertToPermission(filteredCollections[0]))
+          ?.labelId,
+      );
+    }
+
+    if (filteredCollections?.length > 1) {
+      const labels = filteredCollections.map((collection) => {
+        return this.permissionList.find((p) => p.perm === convertToPermission(collection))?.labelId;
+      });
+
+      const highestPerm = this.permissionPriority.find((perm) => labels.includes(perm));
+      return this.i18nService.t(highestPerm);
+    }
+
+    return this.i18nService.t("noAccess");
+  }
+
  protected get showCopyPassword(): boolean {
    return this.isNotDeletedLoginCipher && this.cipher.viewPassword;
  }
--- a/apps/web/src/app/vault/org-vault/vault.component.ts
+++ b/apps/web/src/app/vault/org-vault/vault.component.ts
@ -347,6 +347,7 @@ export class VaultComponent implements OnInit, OnDestroy {
        // If the user can edit all ciphers for the organization then fetch them ALL.
        if (organization.canEditAllCiphers) {
          ciphers = await this.cipherService.getAllFromApiForOrganization(organization.id);
+          ciphers?.forEach((c) => (c.edit = true));
        } else {
          // Otherwise, only fetch ciphers they have access to (includes unassigned for admins).
          ciphers = await this.cipherService.getManyFromApiForOrganization(organization.id);